3:37 pm (UTC-7) | by Symphony Luo (Mobile Threat Analyst)
The presence of malicious apps on Google Play and other popular Android app providers remains a persistent problem. As of the first week of December, approximately 1,700+ malicious apps are still available on the Google Play and two third-party Android app distributors.
Though app providers have implemented certain regulations to mitigate the ruckus of malicious or high-risk apps, we are still noticing that these apps are being peddled on popular third party app providers. Some were even downloaded more than 100,000 times.
During December 5th- December 10th, we found that a total of 1,730 can still be downloaded from Google Play and two other third party app providers we’ve observed. The chart below shows a comparison of the number of unique malware available on these sites.
We noted that there are specific malware families available per site. The pie charts below show the distribution for each app provider. For app Google Play, FAKEAPP variants have the most number. FAKEAPP are rogue or fake versions of well-known apps. Once users are tricked into installing them, these apps steal sensitive information from the device and send these to remote servers.
For the top third-party app providers, the likeliest malicious apps that users can encounter are GAPPUSIN variants. GAPUSSIN variants are known to download other malicious apps and steal information from users.
Affected users are likely to receive annoying pop-up ads, have their personal information stolen, or be charged for certain services without their consent. For additional information, the table below provides short descriptions on the routines of each malware family that are commonly found on the app providers we’ve observed.
The selling point of the Android platform is the freedom it gives to users to download apps from different app providers. Users have the option to install apps from whichever sites they prefer. This freedom, however, has been leveraged repeatedly by malicious developers and cybercriminals who want to take a bite of the Android craze. Just this August, we’ve found 164 unique high-risk apps on Google Play and certain third-party app stores. Aside from aggressively pushing ads, these apps are known to collect mobile data without the user’s knowledge and send these to remote users.
Early this year, we’ve also noted 17 malicious apps available on Android’s official app provider, which were downloaded more than 700,000 times. These include apps that track users’ location, calls, and messages.
With the way things are going, it may take a while before we see a decrease in malicious Android apps. As the platform is poised to overshadow its competitors, we can even expect an increase in this threat. As predicted in our 2013 Security Threat Predictions, we are foreseeing a threefold increase in the number of malicious and high-risk apps to users.
What does this mean for Android users? In a nutshell, they remain targets of shady developers and criminals who are bent on taking advantage of the platform. Thus, one can never be too careful in downloading apps, even from Google Play. Added precaution, such as researching about the app developer’s reputation may be added work for users but it ensures a safer mobile experience.
We are continuously monitoring for app providers for both newly uploaded and popular apps and check for the behavior of these apps. Trend Micro Mobile Security Personal Edition is capable of detecting the threats we mentioned above.
To know more about Android-related threats and how to secure mobile devices, you can visit our Mobile Threat Information Hub.
Share this article